Penetration Testing mailing list archives

internal network mapping & traversal


From: lister () lihim org
Date: Mon, 22 Sep 2008 15:10:25 -0500

What techniques have you found useful for mapping out a network from a starting position?

An internal network could use all RFC 1918 networks: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.

Basically, if you are dropped into an internal network (general DHCP user workstations), what
would be good starting points to discover what networks are available and the paths
through the network?

I would assume that there is a way to determine what networks you have access to and
determine which network devices you will need to bypass (i.e., all packets stop at X
network devices, which may be some type of firewall/router ACL, etc.).

Getting on the network, you would have DHCP and the provided information (gw, DNS, etc.), but
what about determining other networks used internally?  Is this just trial and error with
network probing?  Do you run multiple traceroutes against different IP addresses to find
the network gateways/firewalls?
